From 03e6ae850ce718c008636bd8db093f453e62ccf3 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Thu, 12 Nov 2015 10:46:25 -0500
Subject: Refactor named certificates.

---
 playbooks/common/openshift-master/config.yml | 53 +++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 9 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b1da85d5d..8719d080d 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -204,14 +204,6 @@
       validate_checksum: yes
     with_items: masters_needing_certs
 
-- name: Inspect named certificates
-  hosts: oo_first_master
-  tasks:
-  - name: Collect certificate names
-    set_fact:
-      parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}"
-    when: openshift_master_named_certificates is defined
-
 - name: Compute haproxy_backend_servers
   hosts: localhost
   connection: local
@@ -272,11 +264,54 @@
                                       | map(attribute='stdout')
                                       | list) }}"
 
+- name: Parse named certificates
+  hosts: localhost
+  vars:
+    internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
+    named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
+    named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/"
+  tasks:
+  - set_fact:
+      parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
+    when: named_certificates | length > 0
+
+- name: Deploy named certificates
+  hosts: oo_masters_to_config
+  vars:
+    named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/"
+    named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
+    overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
+  roles:
+  - role: openshift_facts
+  post_tasks:
+  - openshift_facts:
+      role: master
+      local_facts:
+        named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
+      overwrite_additive_facts: "{{ overwrite_named_certs }}"
+  - name: Clear named certificates
+    file:
+      path: "{{ named_certs_dir }}"
+      state: absent
+    when: overwrite_named_certs | bool
+  - name: Ensure named certificate directory exists
+    file:
+      path: "{{ named_certs_dir }}"
+      state: directory
+    when: named_certs_specified | bool
+  - name: Land named certificates
+    copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
+    with_items: openshift_master_named_certificates
+    when: named_certs_specified | bool
+  - name: Land named certificate keys
+    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}"
+    with_items: openshift_master_named_certificates
+    when: named_certs_specified | bool
+
 - name: Configure master instances
   hosts: oo_masters_to_config
   serial: 1
   vars:
-    named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"
     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
     openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
     openshift_master_count: "{{ groups.oo_masters_to_config | length }}"
-- 
cgit v1.2.3


From 927e585bbeb049523313bacedc57efee2eacf232 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 16 Nov 2015 16:01:35 -0500
Subject: Add additive_facts_to_overwrite instead of overwriting all
 additive_facts

---
 playbooks/common/openshift-master/config.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 8719d080d..ff1579218 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -288,7 +288,8 @@
       role: master
       local_facts:
         named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
-      overwrite_additive_facts: "{{ overwrite_named_certs }}"
+      additive_facts_to_overwrite:
+      - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
   - name: Clear named certificates
     file:
       path: "{{ named_certs_dir }}"
-- 
cgit v1.2.3


From 8741b61d46361deffd5d67a310f1995ae2217b77 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Fri, 20 Nov 2015 09:17:16 -0500
Subject: Replace map with oo_collect to support python-jinja2 <2.7

---
 playbooks/common/openshift-master/config.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index ff1579218..902fde956 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -60,7 +60,7 @@
     register: g_external_etcd_cert_stat_result
   - set_fact:
       etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results
-                                    | map(attribute='stat.exists')
+                                    | oo_collect(attribute='stat.exists')
                                     | list | intersect([false])}}"
       etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}
       etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -157,7 +157,7 @@
     register: g_master_cert_stat_result
   - set_fact:
       master_certs_missing: "{{ False in (g_master_cert_stat_result.results
-                                | map(attribute='stat.exists')
+                                | oo_collect(attribute='stat.exists')
                                 | list ) }}"
       master_cert_subdir: master-{{ openshift.common.hostname }}
       master_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -257,11 +257,11 @@
   - set_fact:
       session_auth_secret: "{{ openshift_master_session_auth_secrets
                                 | default(session_auth_output.results
-                                | map(attribute='stdout')
+                                | oo_collect(attribute='stdout')
                                 | list) }}"
       session_encryption_secret: "{{ openshift_master_session_encryption_secrets
                                       | default(session_encryption_output.results
-                                      | map(attribute='stdout')
+                                      | oo_collect(attribute='stdout')
                                       | list) }}"
 
 - name: Parse named certificates
-- 
cgit v1.2.3


From 4013fd47fed61ceb0b92cfa4c271b420b4ced66b Mon Sep 17 00:00:00 2001
From: Federico Simoncelli <fsimonce@redhat.com>
Date: Wed, 25 Nov 2015 14:08:49 +0100
Subject: Make sure that OpenSSL is installed before use

Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
---
 playbooks/common/openshift-master/config.yml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 902fde956..2be25b1e3 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -244,6 +244,8 @@
   - fail:
       msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
     when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+  - name: Install OpenSSL package
+    action: "{{ansible_pkg_mgr}} pkg=openssl state=present"
   - name: Generate session authentication key
     command: /usr/bin/openssl rand -base64 24
     register: session_auth_output
-- 
cgit v1.2.3


From 2bfed1383e4d8eed1e0ab3e4c99eecacc5936047 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 25 Nov 2015 13:22:52 -0500
Subject: Use admin.kubeconfig for get svc ip.

---
 playbooks/common/openshift-master/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 902fde956..f8d90374e 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -355,7 +355,7 @@
   hosts: oo_first_master
   tasks:
   - name: Get master service ip
-    command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}"
+    command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}"
     register: master_service_ip_output
     when: openshift.common.version_greater_than_3_1_or_1_1 | bool
   - set_fact:
-- 
cgit v1.2.3


From a2dc715e54f47fa2abbac58d9d04565837bc6e56 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Tue, 24 Nov 2015 10:49:44 -0500
Subject: Set api version for oc commands

---
 playbooks/common/openshift-master/config.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 43e7836b3..f382494bd 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -353,11 +353,16 @@
   - role: openshift_cluster_metrics
     when: openshift.common.use_cluster_metrics | bool
 
+  # TODO: Setting the cluster dns ip should be pushed into openshift-facts
 - name: Determine cluster dns ip
   hosts: oo_first_master
   tasks:
   - name: Get master service ip
-    command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}"
+    command: >
+      {{ openshift.common.client_binary }} -n default
+      --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+      get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}
+      --output-version=v1
     register: master_service_ip_output
     when: openshift.common.version_greater_than_3_1_or_1_1 | bool
   - set_fact:
-- 
cgit v1.2.3


From 6a71953ec28a358223a96444ea6ba5b2139becde Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 1 Dec 2015 11:44:13 -0500
Subject: Fix kubernetes service ip gathering.

---
 playbooks/common/openshift-master/config.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index f382494bd..1c8a92122 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -358,11 +358,8 @@
   hosts: oo_first_master
   tasks:
   - name: Get master service ip
-    command: >
-      {{ openshift.common.client_binary }} -n default
-      --config={{ openshift.common.config_base }}/master/admin.kubeconfig
-      get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}
-      --output-version=v1
+    # This command has to be on a single line.
+    command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1"
     register: master_service_ip_output
     when: openshift.common.version_greater_than_3_1_or_1_1 | bool
   - set_fact:
-- 
cgit v1.2.3


From 192ccc8e6e6f465351828f32e9dc43b840897b67 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 1 Dec 2015 16:30:05 -0500
Subject: Refactor dns options and facts.

---
 playbooks/common/openshift-master/config.yml | 16 ----------------
 1 file changed, 16 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 1c8a92122..785a78497 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -353,22 +353,6 @@
   - role: openshift_cluster_metrics
     when: openshift.common.use_cluster_metrics | bool
 
-  # TODO: Setting the cluster dns ip should be pushed into openshift-facts
-- name: Determine cluster dns ip
-  hosts: oo_first_master
-  tasks:
-  - name: Get master service ip
-    # This command has to be on a single line.
-    command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1"
-    register: master_service_ip_output
-    when: openshift.common.version_greater_than_3_1_or_1_1 | bool
-  - set_fact:
-      cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
-    when: not openshift.common.version_greater_than_3_1_or_1_1 | bool
-  - set_fact:
-      cluster_dns_ip: "{{ master_service_ip_output.stdout }}"
-    when: openshift.common.version_greater_than_3_1_or_1_1 | bool
-
 - name: Enable cockpit
   hosts: oo_first_master
   vars:
-- 
cgit v1.2.3


From 04ce758d35666c9f887a9bb1b44ccae1d20ee908 Mon Sep 17 00:00:00 2001
From: enoodle <efreiber@redhat.com>
Date: Mon, 23 Nov 2015 17:46:27 +0200
Subject: ManageIQ Service Account: added role for ManageIQ service account

Signed-off-by: enoodle <efreiber@redhat.com>
---
 playbooks/common/openshift-master/config.yml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 902fde956..7bdaca2c9 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -350,6 +350,8 @@
   - openshift_examples
   - role: openshift_cluster_metrics
     when: openshift.common.use_cluster_metrics | bool
+  - role: openshift_manageiq
+    when: openshift.common.use_manageiq | bool
 
 - name: Determine cluster dns ip
   hosts: oo_first_master
-- 
cgit v1.2.3


From dd17fd49597ec27f66ff9436f211036125dbb08f Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 9 Dec 2015 12:08:56 -0500
Subject: Simplify session secrets overrides.

---
 playbooks/common/openshift-master/config.yml | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index becd68dbe..196cdc8fe 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -249,22 +249,14 @@
   - name: Generate session authentication key
     command: /usr/bin/openssl rand -base64 24
     register: session_auth_output
-    with_sequence: count=1
     when: openshift_master_session_auth_secrets is undefined
   - name: Generate session encryption key
     command: /usr/bin/openssl rand -base64 24
     register: session_encryption_output
-    with_sequence: count=1
     when: openshift_master_session_encryption_secrets is undefined
   - set_fact:
-      session_auth_secret: "{{ openshift_master_session_auth_secrets
-                                | default(session_auth_output.results
-                                | oo_collect(attribute='stdout')
-                                | list) }}"
-      session_encryption_secret: "{{ openshift_master_session_encryption_secrets
-                                      | default(session_encryption_output.results
-                                      | oo_collect(attribute='stdout')
-                                      | list) }}"
+      session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}"
+      session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}"
 
 - name: Parse named certificates
   hosts: localhost
-- 
cgit v1.2.3